Unfortunately there's also bugs on the farm that need patching. I have to build a roll away nesting box because my chickens discovered their own eggs are tasty

@@MentalOutlaw oof

It actually worked out pretty well for C0V1D...

@@MentalOutlaw The chicken wire patch has yet to secure against the fox no-clip exploit.

@@MentalOutlaw Man...

Common divine W

As the Lord intended.

The Lord Jesus Christ Antivirus 2000 has proven to be impenetrable.

Anyone can be safe if they unplug the ethernet cable.

after jesus turned water to wine, he turned software vulnerabilities into history 🙏

Yeah! Let's get em!

China to be precise in this case

including monarchy?

Shut up

Same.

May 1st: IRL RCE that allows you to become God.

Pov you are on TempleOS: 🗿

​@@noodlez7101Considering the first neuralink brain implant was installed successfully, there's not much time left until RCE that allows you to literally get a botnet of living people under control.

May 30, Elon musk discovers rce irl and paywalls the sun

June 1st: the singularity begins, but no one notices because they're too busy watching monkey videos on Tik Tok....

What's more surprising is that ColdFusion still exists. Like PHP, I guess they need scripting languages that even minimum wage, computer illiterate script kiddies can copy and paste spaghetti code for.

kzbin.info/www/bejne/ZpuuYayqq8-pY6csi=n9BeRV1JsuCrxq0b

What happened in the 80s stayed in the 80s except for Perl.

People like me use PERL I went into IT wanting a website with 15 so HTML/CSS first, later on I wanted dynamic stuff so PHP it was. Fast forward to my second job, JavaScript was still something you use precisely on websites and nowhere else, and Python was still a weird mess with shit syntax nobody trusted, I needed something to take one XML as input and shit out another one, never heard of XSLT or XPath, all I knew was PHP and Regex. PERL came in clutch, I learned enough of it in like 10 minutes and immediately it just werked for me. Never used it outside of that due to my current job not giving us sysadmin to install software but man, in my old job I even got props from the local actual programmers because most of them only did C# and were down the OOP Rabbit Hole to bad to be quickhacking little stuff. If you want to survive in the rapidly evolving tech landscape outside of FAGMAN you'll be surprised how much legacy shit you will inevitably find, how useful powerful text handling can be and how very much in demand older stuff still is, because all the systems in most bigger companies are a legacy crap festival. If you hate learning a new framework every week, go into finance, banking, aviation or traffic control.

@@brostoevsky22 Is this encryption? No its a new perl script I've been working on

Hey. Does this vulnerability require the PHP code to explicitly convert from one charset to another? So if a website just expects user input to be in UTF8 , it's safe. Just don't use mb_convert_encoding function that's enough right?

php for life bro

it's a feature not a bug. Job Security

PHP Numero Uno

Im hyped

The dead internet is real 😂

Sure hope that updating all these package update I did on all our dockers and vms updated to the new glibc version.

War has become a series of proxy battles fought by AI

Not at all, read the CVE. its a 4 byte overflow, when using iconv with a specific chinese encoding that is NEVER used in the west. Also why would the end user be in control of the encoding format for iconv? Realistically that would never happen, unless the site is a PHP sandbox.

You are born to deploy kubernetess clusters. Lol

@@vito2320 It's the sysadmin equivalent of living in the pod and eating the bugs, you hate to see it.

I don’t understand the negative responses to this. Less code means less surface area for vulnerabilities. It’s not just glibc, openrc and ash instead of systemd and bash. When you all set up a server do you need user services or array functionality in your shell, because I sure don’t.

Gotta stop writing code then

no

Welcome to the singularity...

I'll go add some unsafe eval() queries to my python code rq. just for you :)

Welcome to our job; we all make code vulnerable. We just don't know when or with what language, but it could certainly be any of them.

Patches are for cowards

🙃 let me check, give me your ip

Hell yeah

You guys are silly, they're gonna be looking for SECURE data!

No risk no fun

can confirm - using it in containers on prod for years

And the default base Docker image of Gitea instances.

I've been doing this for 4 or 5 years at least now

Except with solved DNS issues (ndots), alpine is very good. Widely used in production

I mean your president is a gay who "married" a man who molested him as a child so no wonder

I work in french medical sector and most of it relies on outdated and insecure technologies from around 2000s :)

why didnt I get one

I clicked on the link in that email to "read the best practices to protect myself". You have to select which case applies to you but "absolute incompétence from the administration" isn't an option.

Didn't this also happen to Guatemala or something? Scary

nerd

Even if you are to take FOSS CVEs as indicating a problem, we just had a windows issue like 2 weeks ago and instead of MS fixing it, the programming languages had to add workarounds to avoid triggering it, which tells you all you need to know

seriously, this is the entire point of open source software and why it's so important for community involvement in software development. When it comes to Apple/MS your system gets hacked and you'll never know or know why.

Is like that movie where a kid deciphers some kind of goverment code and instead of making a better encoding algorithm they try to kill the child haha

Red teams everywhere are about to have a field day

​@@rideroftheforce5245 what does this mean

@@crusaderACR I was just saying that red team pen testers are going to have a lot of successful attacks on their clients in the near future with this vulnerability

I don't get why anybody would use php in 2024, go is a much better alternative for the backend, for frontend just use svelte.

Trust me, WordPress sites didn't need this bug to be considered insecure. WordPress has consistently been a security nightmare.

They deserve it for using WP.

Imagine how many will be after the talk. You can't expect them to UPDATE their servers? I mean that entails actually hiring a tech to do it! Expensive stuff.

@@iiisaac1312 Wordpress bro here, I enjoy my lambo, don't mad.

@@SGresponse 70% of the web is build on Php….this a total car crash

Windows isn’t actually vulnerable to this bug lmao

😂

With the runtime which calls this glibc function?

Lol well that would save me from the difficult journey of rewriting my eCommerce site in Rust.

​@@MentalOutlaw We need to fork rust to make the compiler punch devs into the balls every time they make a mistake, so that way they won't code any bugs even when writing in other languages (they most likely won't code at all tho)

I will do that if you promise to port 30% of plugins

@@_________________404 Lemme tell you something, almost every compiled programming language uses LLVM as it's backend mostly because it's good and let's you bind your code with other programming languages that use LLVM too. Rust has a compiler, but a frontend which checks your code, LLVM does the dirty work. It's not even about rust, I don't know why would you even comment that it's just stupid.

@@_________________404 What's so good do you find about C++ compared to rust tho? Have you ever tried them or you just made up your opinion from some KZbin video and now yelling it everywhere?

No, theoretically, software can be impenetrable

​​​@@Deniil2000but is in practicallity nearly impossible Doubt on would perfectly set everything up down to binary code and Electric components And even so, all it takes is a rare case of the suns radiation conviently changing that one 1/0 to mess it all up

unless my reading comprehension is poor (a possibility) I believe this was discovered 24 years ago and only found to be truly exploitable 24 years later.

@@anon8510 So your conclusion is he didn't get to the point quick enough? Attention is a rare commodity these days.

@@anon8510 Also good non-committal username. Choose better.

@@anon8510 because you care about my watching a video to the end

@@anon8510 how short is your username? this is getting ridiculous. I made a quick funny comment on a video I didn't want to watch to the end, because I'm a developer that doesn't care about a lot of open source bullshit... and this continues. Game over.

114/366 year is unlocked

Year of obscure vulnerabilities. Like who converts characters from UCS4 to ISO-2022-CN-EXT or haves unstable packages in production or allowing everybody running CLI commands remotely

I just wanna know who hooked ChatGPT up to metasploit and told it to go ham.

Perhaps that’s what he meant? Maybe he means the hosting servers not containers

Even if you could prevent it in your PHP code, in most cases when have no control over the software on the host your using shared hosting. So even if you could prevent it in your code, everyone else running a site on the server would also have to make sure their code prevents it. Any decent company offering hosting should be keeping an eye out for exploits & updating the software ASAP when patches come out for severe bugs.

yeah, sure ... what is not secure about php? is really weird that most of todays servers are powered by php, and WP on top of php, yet they do not get hacked left and right

@@GhiveciuMarian ...mOsT sErVeRs PoWeRed By pHp... 🥴 Having higher quantity of crap WP deployments doesn't mean that it's used more to serve actual http traffic.

It's happened before (for example, the time they exploited gpu passthroughs to get into the host's graphics driver)

Spectre, rowhammer.

I can still remember the conversation with my boss about Spectre. We immediately went to management on our DoD contract and got their cloud plans scuttled punctuated by "We told you so!"

They already can detect if they run in a vm or not.

@@mawnkey At that time I spent two hours figuring out why my Windows 7 got so slow after a DELL Precision 5820 BIOS update. Apparently, it was the stupid Spectre patch. I first reverted the BIOS update after I later discovered that the Spectre patch can be simply disabled in the Windows Registry, after which I flashed my BIOS again. Rather fast and vulnerable than slow and safe. No end user has ever been hacked by this anyway. It's a different story when you are a cloud farm.

Same thing happened on based.win backend, confirmed it this weekend when I saw the open wall post

​@@MentalOutlaw Yeah might be a good video, ensuring security updates are on auto. Also, I'm kind of embarrassed how much I use LAMP but man its so fast to deploy

Write your own vulnerabilities. Take charge! Nice.

Okay but how are you going to produce your own hardware?

They are probably using ai to discover new toys as we speak

@@tavanogrim no wonders, that could happen

Probably not. These kinds of things have to happen or no one would believe the open source process is working.

They're leaking all of this themselves. Conditioning people to accept Rust as a "safe and secure" Messiah. Then it'll be even easier to slide in backdoors when no one's looking.

like its not (((them))) """discovering""" all these vulnerabilities

They're leaking all of this themselves. Conditioning people to accept Rust as a "safe and secure" Messiah. Then it'll be even easier to slide in backdoors when no one's looking.

Just way more people now.

@@rusi6219 Just look at the people who are involved with rust, that alone is a reason to be skeptical about it.

except it is (buffer overrun)

Php didn't catch up

We fixed it with UTF-8 being the de facto web encoding. But… legacy stuff.